US9497185B2 - Systems, methods, and computer program products for providing application validation - Google Patents
Systems, methods, and computer program products for providing application validation Download PDFInfo
- Publication number
- US9497185B2 US9497185B2 US14/567,184 US201414567184A US9497185B2 US 9497185 B2 US9497185 B2 US 9497185B2 US 201414567184 A US201414567184 A US 201414567184A US 9497185 B2 US9497185 B2 US 9497185B2
- Authority
- US
- United States
- Prior art keywords
- ticket
- wallet
- encrypted
- unencrypted
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000004590 computer program Methods 0.000 title claims abstract description 15
- 238000010200 validation analysis Methods 0.000 title claims abstract description 13
- 238000003860 storage Methods 0.000 claims description 19
- 238000004891 communication Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 12
- 230000006870 function Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 230000004044 response Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000004913 activation Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003340 mental effect Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Definitions
- the present invention relates to application validation, and more particularly to systems, methods, and computer program products for providing key encryption.
- a mobile wallet application deployed on a mobile device.
- the mobile wallet application on a mobile device may communicate with a wallet server in order to exchange (e.g., transmit and receive) data and manage aspects of the mobile wallet.
- These communications often need to be secure, as they may include, for example, sensitive data such as personal or financial data.
- a user of a mobile wallet application (e.g., on a mobile device) might want to access an issuer's website (e.g., Bank of America, American Express, etc.) via the mobile wallet application interface, rather than through a separate application such as a web browser.
- the mobile wallet application must authenticate itself, ideally without having to prompt the user of the mobile wallet application to enter his or her credentials corresponding to the issuer's site each time that access is needed or requested.
- a session single sign-on key is used by the mobile wallet application to authenticate itself to other systems such as a wallet server (in turn, the server notifies the issuer that the client has been authenticated and thus access can be securely provided).
- the sign-on key is encrypted using a hardcoded key that is stored on the mobile wallet application and the wallet server.
- a hardcoded key that is stored on the mobile wallet application and the wallet server.
- this approach is problematic, because it makes all systems relying on that hardcoded key vulnerable in case the hardcoded key is compromised.
- this approach requires significant effort to update every system that utilizes the hardcoded key, such as every mobile device having a mobile wallet application. Sending a sign-on key that is not encrypted is not a realistic solution because of security vulnerability problems.
- one technical challenge involves providing a process for encrypting and decrypting a session key at and/or by multiple devices (e.g., a mobile wallet application on a mobile device, a wallet server) which is dynamic (e.g., not common to a large set of clients or servers).
- devices e.g., a mobile wallet application on a mobile device, a wallet server
- dynamic e.g., not common to a large set of clients or servers.
- the example embodiments presented herein meet the above-identified needs by providing systems, methods, and computer program products for providing application validation, and more particularly for providing key encryption.
- a system for providing application validation includes at least one memory operable to store an application, and a processor coupled to the memory.
- the processor is operable to transmit a first request to a ticket generation application and receive a first ticket including a first unencrypted portion and a first encrypted portion.
- the processor is further operable to transmit a second request to the ticket generation application and receive a second ticket including a second unencrypted portion and a second encrypted portion.
- the processor is operable to concatenate the first and second unencrypted portions to form an unencrypted shared encryption key, and to concatenate the first and second encrypted portions to form an encrypted shared encryption key.
- the unencrypted shared encryption key in the memory and the encrypted shared encryption key are transmitted to a server.
- a method for application validation.
- a first request is transmitted to a ticket generation application.
- a first ticket is received, including a first unencrypted portion and a first encrypted portion.
- a second request is transmitted to the ticket generation application.
- a second ticket is received, including a second unencrypted portion and a second encrypted portion.
- the first and second unencrypted portions are concatenated to form an unencrypted shared encryption key.
- the first and second encrypted portions are concatenated to form an encrypted shared encryption key.
- the unencrypted shared encryption key is stored in a memory and the encrypted shared encryption key are transmitted to a server.
- a non-transitory computer readable storage medium has stored thereon instructions which, when executed by a system including at least one processor and at least one memory, cause the system to perform a method for application validation.
- a first request is transmitted to a ticket generation application.
- a first ticket is received, including a first unencrypted portion and a first encrypted portion.
- a second request is transmitted to the ticket generation application.
- a second ticket is received, including a second unencrypted portion and a second encrypted portion.
- the first and second unencrypted portions are concatenated to form an unencrypted shared encryption key.
- the first and second encrypted portions are concatenated to form an encrypted shared encryption key.
- the unencrypted shared encryption key is stored in the memory, and the encrypted shared encryption key is transmitted to a server.
- FIG. 1 is a diagram of a mobile commerce system for providing key encryption according to an exemplary embodiment.
- FIG. 2 is a flowchart illustrating the steps for providing key encryption according to an exemplary embodiment.
- FIG. 3 is a sequence diagram illustrating a process for providing key encryption according to an exemplary embodiment.
- FIG. 4 is a view of an exemplary system and process for application validation according to an exemplary embodiment.
- FIG. 5 is a block diagram of a general or special purpose computer.
- the example embodiments presented herein are directed to application validation, and more particularly to systems, methods, and computer program products for key encryption, which are described in terms of an example mobile commerce system and/or environment including a mobile wallet application on a mobile device.
- a mobile wallet application on a mobile device and a wallet server used predetermined shared data to generate an encryption key for encrypting a session key which is both dynamically generated at run-time (reducing vulnerability) and specific to the mobile wallet application on the mobile device (reducing exposure).
- wallet client mobile wallet application
- mobile wallet mobile wallet
- mobile wallet server server
- server and/or the plural forms of these terms are used interchangeably herein to refer to a server system or other computing device which manages communications with the mobile wallet application on a mobile device.
- FIG. 1 is a diagram of a mobile commerce system for providing key encryption according to an exemplary embodiment.
- mobile device 101 communicates with wallet server 102 , which in turn communicates with wallet database 103 .
- wallet server 102 communicates with wallet database 103 .
- Aspects of example hardware for the mobile device 101 , wallet server 102 , and wallet database 103 are described more fully below with respect to FIG. 5 .
- mobile device 101 generates and stores a key encryption key (KEK).
- KEK key encryption key
- Mobile device 101 transmits an encrypted version of the KEK to wallet server 102 .
- Wallet server 102 decrypts the encrypted KEK received from the mobile device 101 and stores the unencrypted KEK in wallet database 103 , in association with the mobile device 101 .
- Mobile device 101 may be, for example, a cellular phone, tablet or the like, including, for example, a processor, a memory, a network interface and a display screen.
- Mobile device 101 includes a mobile wallet application 151 , which is an application stored on a memory of the mobile device 101 .
- Mobile wallet application 151 includes instructions which, when executed by a processor of the mobile device 101 , cause the mobile device 101 to act as an instrument for processing contactless transactions and the like.
- Mobile wallet application 151 also includes (e.g., uses, operates on, is associated with) data which may be stored on the memory of the mobile device 101 and/or on a secure element associated with the mobile device 101 .
- a secure element may be hardware and/or software implemented to store sensitive information and/or code applets, applications and packages. Physically, the secure element may be implemented as a universal integrated circuit card, an embedded secure element, or a micro secure digital (micro SD) card. Alternatively, the secure element may be implemented as a secure storage communicatively connected to the mobile device. For example, such a secure element may be cloud-based, virtual or remote storage.
- the secure element on mobile device 101 also stores other companion “applets,” which mobile wallet application 151 uses to perform different processes.
- a wallet companion applet (WCAp) 152 (shown in FIG. 3 ) may be stored on the secure element of the mobile device, and may be used as a companion and/or representative of mobile wallet application 151 .
- WCAp wallet companion applet
- Example aspects of a secure element are described in U.S. patent application Ser. No. 13/901,188, entitled “Systems, Methods, And Computer Program Products For Providing A Contactless Protocol”, the contents of which are incorporated herein by reference.
- mobile wallet application 151 may use WCAp 152 for, among other things, securely storing and managing data (e.g., critical data) in the secure element on its behalf.
- WCAp 152 maintains and/or stores data (e.g., data objects, data elements) used, or which may be used, by mobile wallet application 151 in the processing of contactless transactions.
- Wallet server 102 is, e.g., a server system or other computing device which manages communications with the mobile wallet application 151 on mobile device 101 , and provides interfaces for communication with other computer systems.
- Wallet database 103 stores data that wallet server 102 may utilize to perform one or more functions.
- the wallet database 103 may store the KEK received from mobile device 101 , after decryption by wallet server 102 , for use in a subsequent single sign-on (SSO) communication session, as described more fully below with respect to FIG. 2 .
- wallet database 103 may be physically incorporated in wallet server 102 , or may be separate from wallet server 102 .
- FIG. 2 is a flowchart illustrating the steps for providing key encryption according to an exemplary embodiment.
- the mobile wallet application 151 on mobile device 101 transmits a first request to a ticket generation application resident on mobile wallet application 151 .
- the ticket generation application is WCAp 152 stored on the secure element of the mobile device 101 .
- the mobile wallet application 151 on mobile device 101 can transmit a ticket request (“first request”) to WCAp 152 , e.g., by calling a function “GenerateSignedTicket” of WCAp 152 .
- WCAp 152 generates and returns a signed ticket which includes combinations of a ticket identification (ticket ID), which is a sequence of bits (e.g., 8 bytes) which changes predictably over time (i.e., a continuously running sequence counting from 0 to 999999), and a ticket token, which is a random number (e.g., 8 bytes).
- ticket ID is a sequence of bits (e.g., 8 bytes) which changes predictably over time (i.e., a continuously running sequence counting from 0 to 999999)
- ticket token which is a random number (e.g., 8 bytes).
- the ticket generation application generates tickets using at least a ticket token, the ticket token being a random value unique to the ticket token, and a ticket ID, which is based on a constantly changing sequence.
- the ticket ID and ticket token are therefore unique to each ticket request, such as the first request transmitted at step 201 .
- a returned “ticket” is an exclusive OR operation (XOR) of the bits of the ticket ID and the ticket token (ticket ID XOR ticket token).
- XOR exclusive OR operation
- An XOR operation is a logical operation that outputs true whenever both inputs differ (e.g., when one is “1” and the other is “0”).
- Each call to the “GenerateSignedTicket” function may return an encrypted version of the same ticket.
- the encrypted ticket is created by encrypting the XOR of the ticket ID and ticket token using an authentication key known by the WCAp 151 by, for example, having been provided that authentication key by wallet server 102 during activation.
- wallet server 102 creates an “authentication key” corresponding to each mobile wallet application (e.g., mobile wallet application 151 or a wallet identification (wallet ID) corresponding thereto).
- Wallet server 102 stores that authentication key in its database (e.g., wallet database 103 ) and also sends it to be stored in WCAp 152 on the secure element of mobile device 101 .
- an authentication key corresponding to mobile wallet application 151 is stored in (1) the secure element corresponding to the mobile device on which mobile wallet application 151 is installed, and (2) wallet database 103 .
- mobile wallet application 151 When a user wants to access an issuer's site through mobile wallet application 151 , a session must be set up. Accordingly, mobile wallet application 151 communicates with WCAp 152 on the secure element and calls the aforementioned GenerateSignedTicket function.
- the mobile wallet application 151 on mobile device 101 receives a ticket (“first ticket”) from WCAp 152 in response to the first request.
- WCAp 152 in response to the first call to the GenerateSignedTicket function, WCAp 152 generates a ticket ID 1 , and generates a ticket token 1 .
- the WCAp 152 uses the ticket ID 1 and ticket token 1 to create a ticket 1 , by XOR'ing the ticket ID 1 and the ticket token 1 . That ticket 1 is unencrypted and can be referred to as KEK 1 .
- WCAp 152 then performs the same XOR operation (or, alternatively, uses the result of the first XOR operation) using the ticket ID 1 and ticket token 1 , and encrypts the resulting ticket 1 using the authentication key which is only stored in the secure element of mobile device 101 and wallet server 102 .
- the authentication key in WCAp 152 is a “shared secret” used by both mobile wallet application 151 and wallet server 102 . That resulting encrypted ticket 1 can be referred to as encrypted KEK 1 .
- mobile wallet application 151 on mobile device 101 transmits a second request to WCAp 152 for a ticket (e.g., calls the GenerateSignedTicket function).
- the WCAP 152 generates a new ticket ID 2 and ticket token 2 , XOR's those to create a ticket 2 (to be referred to as “KEK 2 ” or “second ticket”), and in turn encrypts ticket 2 using the authentication key (the “shared secret” discussed above) to obtain encrypted ticket 2 . That resulting encrypted ticket 2 can be referred to as encrypted KEK 2 .
- mobile wallet application 151 on mobile device 101 receives the second ticket, including a second unencrypted portion and a second encrypted portion, from the WCAp 152 .
- mobile wallet application 151 on mobile device 101 receives the second unencrypted portion KEK 2 , and the second encrypted portion encrypted KEK 2 .
- each of KEK 2 and encrypted KEK 2 can be 8 bytes, for a total of 16 bytes returned to the mobile wallet application 151 .
- the mobile wallet application 151 on the mobile device 101 combines (e.g. concatenates) the unencrypted portions of each ticket to form an unencrypted key.
- the mobile wallet application 151 combines KEK 1 and KEK 2 to form an unencrypted key (“KEK”).
- KEK is 16 bytes (8 bytes of KEK 1 +8 bytes of KEK 2 ).
- the mobile wallet application 151 on mobile device 101 concatenates the encrypted portions of each ticket to form an encrypted key.
- the mobile wallet application 151 concatenates encrypted KEK 1 with encrypted KEK 2 to arrive at encrypted KEK.
- encrypted KEK is also 16 bytes (8 bytes of encrypted KEK 1 +8 bytes of encrypted KEK 2 ).
- the mobile wallet application 151 has two versions of a key—one unencrypted version (KEK) and one encrypted version (encrypted KEK).
- step 207 the mobile wallet application 151 on mobile device 101 stores the unencrypted key KEK locally.
- WCAp 152 stores KEK locally at mobile device 101 , for example in the secure element of the mobile device 101 .
- step 208 the encrypted key (encrypted KEK) is transmitted to wallet server 102 .
- Wallet server 102 communicates with wallet database 103 to obtain the authentication key associated with mobile wallet application 151 (or the wallet ID corresponding to wallet application 151 ).
- Wallet server 102 then decrypts the first half of the encrypted KEK using the authentication key, to arrive at (unencrypted) KEK 1 , and then decrypts the second half of the encrypted KEK using the authentication key, to arrive at (unencrypted KEK 2 ).
- Wallet server 102 then combines (e.g. concatenates) KEK 1 and KEK 2 to arrive at KEK, which it stores in wallet database 103 in association with mobile wallet application 151 (or its wallet ID).
- wallet server 102 and mobile wallet application 151 both now have a fully encrypted and secure secret which they share, that is, the KEK. That is, when a user wishes to access an issuer site, wallet server 102 may send to the mobile wallet application 151 a session encryption key and session sign-on key, both of which wallet server 102 has encrypted using the KEK.
- Mobile wallet application 151 now having the KEK stored in the secure element (by the WCAp 152 ), can decrypt the received session encryption key and session sign-on key using the KEK.
- FIG. 3 is a sequence diagram illustrating a process for providing key encryption according to an exemplary embodiment.
- FIG. 3 depicts a sequence diagram of communications between mobile wallet application 151 and WCAp 152 on mobile device 101 , wallet server 102 , and wallet database 103 .
- mobile wallet application 151 sends two “Generate Signed Ticket” requests to WCAp 152 (e.g., calls the function GenerateSignedTicket twice). For purposes of simplicity, these requests are discussed together, but it should be understood that the requests may instead be sent sequentially, with a combination of the results from one request being performed before making the next request.
- step 302 WCAp 152 generates a ticket ID, and in step 303 , generates a ticket token.
- the ticket is generated from a combination of the ticket ID and ticket token as discussed above with reference to FIG. 2 .
- the encrypted portions returned by WCAp 152 are encrypted using an authentication key provided during activation, as discussed above with reference to FIG. 2 .
- Steps 302 to 304 are performed for each of the two “Generate Signed Ticket” requests.
- step 305 mobile wallet application 151 receives the ticket responses to each of the requests sent in step 301 .
- the ticket responses to the above requests contain KEK 1 and encrypted KEK 1 (first ticket request), and KEK 2 and encrypted KEK 2 (second ticket request).
- Mobile wallet application 151 combines KEK 1 and KEK 2 to form KEK and stores it locally.
- step 306 the encrypted KEK is sent to wallet server 102 . Additional information, such as an ID identifying mobile wallet application 151 , may also be transmitted therewith.
- wallet server 102 decrypts the encrypted KEK, and stores the KEK (along with associated information such as a wallet ID) in wallet database 103 .
- FIG. 4 is a view of an exemplary system and process for application validation according to an exemplary embodiment.
- FIG. 4 is a view of an exemplary system and process for a single sign-on (SSO) communication session between the mobile wallet application 151 on mobile device 101 and wallet server 102 .
- SSO single sign-on
- one example environment in which key encryption is used is a sign-on with a service provider such as a card issuer associated with the user's mobile wallet, e.g., the mobile wallet on mobile device 101 .
- a service provider such as a card issuer associated with the user's mobile wallet, e.g., the mobile wallet on mobile device 101 .
- the card may have buttons or other inputs allowing management of the card.
- the actions for the card are often performed on the issuer side (e.g., at the issuer site), not at the mobile device 101 or the mobile wallet application interface.
- the mobile device 101 to communicate securely with the issuer.
- a user of a mobile wallet application wants to access an issuer's website (e.g., Bank of America, etc.) via the mobile wallet application 151 (and/or its interface), rather than the issuer's website.
- issuer's website e.g., Bank of America, etc.
- mobile wallet application 151 must authenticate itself to wallet server 102 , ideally without having to ask the user of the mobile wallet application 151 to enter the user's credentials for the issuer's site again.
- a single session sign-on key is used by mobile wallet application 151 to authenticate itself to the wallet server 102 (which, in turn, notifies the issuer that the client has been authenticated and thus access is OK).
- the sign-on key has previously been encrypted using a hardcoded key stored on the client and the server.
- this is problematic because it would make all systems vulnerable, and if the key is changed, it would be a lot of work to update every client.
- Sending a sign-on key that is not encrypted is not a realistic solution to the problem because of the obvious vulnerability problems.
- FIG. 4 depicts one example embodiment in which the KEK generated as described above may be used.
- ESB 104 enterprise service bus
- ESB 104 is provided for managing communications between mutually interacting systems and/or entities.
- the ESB 104 is operable to perform duties such as managing and controlling requests and messages, handling and choreographing events, queuing and organizing events, etc.
- Interacting systems and/or entities may be publishers that transmit data to ESB 104 .
- ESB 104 publishes the data to subscriber systems, such as systems corresponding to (or controlled and/or managed by) entities such as mobile network operators (MNOs), trusted service managers (TSMs), mobile wallets, mobile wallets issuers, and/or service providers.
- MNOs mobile network operators
- TSMs trusted service managers
- mobile wallets mobile wallets issuers, and/or service providers.
- ESB 104 is communicatively coupled to the wallet server 102 by any suitable communication channel.
- ESB 104 is communicatively coupled to the wallet server 102 by way of a direct connection, a proprietary network, a private network, a virtual private network (VPN), a network employing Hypertext Transfer Protocol (HTTP) standards, the Internet, and/or another type of network.
- ESB 104 in another example, is communicatively coupled to the wallet server 102 via a secured communication channel.
- mobile device 101 sends a request to start an SSO session to wallet server 102 .
- wallet server 102 sends an instruction to ESB 104 to start an SSO session.
- ESB 104 then communicates with an issuer (not shown) to request opening of the SSO session.
- the issuer returns SSO session information, which includes two SSO encryption keys for the SSO communication and the issuer URL, and ESB 104 forwards this session information to wallet server 102 .
- Wallet server 102 encrypts the SSO encryption keys and the SSO session information received from ESB 104 using the KEK, and transmits the encrypted SSO session information to mobile device 101 .
- mobile device 101 uses the KEK stored at its end to decrypt the SSO session information and obtain the encryption keys.
- a secure SSO communication session is established between mobile device 101 and wallet server 102 .
- mobile device 101 may establish a communication session with the issuer.
- the example embodiments described above such as, for example, the systems and procedures depicted in or discussed in connection with FIGS. 1-4 or any part or function thereof, may be implemented by using hardware, software or a combination of the two.
- the implementation may be in one or more computers or other processing systems. While manipulations performed by these example embodiments may have been referred to in terms commonly associated with mental operations performed by a human operator, no human operator is needed to perform any of the operations described herein. In other words, the operations may be completely implemented with machine operations.
- Useful machines for performing the operation of the example embodiments presented herein include general purpose digital computers or similar devices.
- FIG. 5 is a block diagram of a general and/or special purpose computer 500 , which may be a general and/or special purpose computing device, in accordance with some of the example embodiments of the invention.
- the computer 500 may be, for example, a user device, a user computer, a client computer and/or a server computer, among other things.
- the computer 500 may include without limitation a processor device 530 , a main memory 535 , and an interconnect bus 537 .
- the processor device 530 may include without limitation a single microprocessor, or may include a plurality of microprocessors for configuring the computer 500 as a multi-processor system.
- the main memory 535 stores, among other things, instructions and/or data for execution by the processor device 530 .
- the main memory 535 may include banks of dynamic random access memory (DRAM), as well as cache memory.
- DRAM dynamic random access memory
- the computer 500 may further include a mass storage device 540 , peripheral device(s) 542 , portable non-transitory storage medium device(s) 546 , input control device(s) 544 , a graphics subsystem 548 , and/or an output display 549 .
- a mass storage device 540 may further include a mass storage device 540 , peripheral device(s) 542 , portable non-transitory storage medium device(s) 546 , input control device(s) 544 , a graphics subsystem 548 , and/or an output display 549 .
- all components in the computer 500 are shown in FIG. 5 as being coupled via the bus 537 .
- the computer 500 is not so limited.
- Devices of the computer 500 may be coupled via one or more data transport means.
- the processor device 530 and/or the main memory 535 may be coupled via a local microprocessor bus.
- the mass storage device 540 , peripheral device(s) 542 , portable storage medium device(s) 546 , and/or graphics subsystem 548 may be coupled via one or more input/output (I/O) buses.
- the mass storage device 540 may be a nonvolatile storage device for storing data and/or instructions for use by the processor device 530 .
- the mass storage device 540 may be implemented, for example, with a magnetic disk drive or an optical disk drive.
- the mass storage device 540 is configured for loading contents of the mass storage device 540 into the main memory 535 .
- the portable storage medium device 546 operates in conjunction with a nonvolatile portable storage medium, such as, for example, a compact disc read only memory (CD-ROM), to input and output data and code to and from the computer 500 .
- a nonvolatile portable storage medium such as, for example, a compact disc read only memory (CD-ROM)
- the software for storing information may be stored on a portable storage medium, and may be inputted into the computer 500 via the portable storage medium device 546 .
- the peripheral device(s) 542 may include any type of computer support device, such as, for example, an input/output (I/O) interface configured to add additional functionality to the computer 500 .
- the peripheral device(s) 542 may include a network interface card for interfacing the computer 500 with a network 439 .
- the input control device(s) 544 provide a portion of the user interface for a user of the computer 500 .
- the input control device(s) 544 may include a keypad and/or a cursor control device.
- the keypad may be configured for inputting alphanumeric characters and/or other key information.
- the cursor control device may include, for example, a handheld controller or mouse, a trackball, a stylus, and/or cursor direction keys.
- the computer 500 may include the graphics subsystem 548 and the output display 549 .
- the output display 549 may include a cathode ray tube (CRT) display and/or a liquid crystal display (LCD).
- the graphics subsystem 548 receives textual and graphical information, and processes the information for output to the output display 549 .
- Each component of the computer 500 may represent a broad category of a computer component of a general and/or special purpose computer. Components of the computer 500 are not limited to the specific implementations provided here.
- Software embodiments of the example embodiments presented herein may be provided as a computer program product, or software, that may include an article of manufacture on a machine-accessible or machine-readable medium having instructions.
- the instructions on the non-transitory machine-accessible machine-readable or computer-readable medium may be used to program a computer system or other electronic device.
- the machine- or computer-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks or other types of media/machine-readable medium suitable for storing or transmitting electronic instructions.
- the techniques described herein are not limited to any particular software configuration. They may find applicability in any computing or processing environment.
- machine-accessible medium or “machine-readable medium” used herein shall include any medium that is capable of storing, encoding, or transmitting a sequence of instructions for execution by the machine and that causes the machine to perform any one of the methods described herein.
- software in one form or another (e.g., program, procedure, process, application, module, unit, logic, and so on), as taking an action or causing a result.
- Such expressions are merely a shorthand way of stating that the execution of the software by a processing system causes the processor to perform an action to produce a result.
- Portions of the example embodiments of the invention may be conveniently implemented by using a conventional general purpose computer, a specialized digital computer and/or a microprocessor programmed according to the teachings of the present disclosure, as is apparent to those skilled in the computer art.
- Appropriate software coding may readily be prepared by skilled programmers based on the teachings of the present disclosure.
- Some embodiments may also be implemented by the preparation of application-specific integrated circuits, field programmable gate arrays, or by interconnecting an appropriate network of conventional component circuits.
- the computer program product may be a storage medium or media having instructions stored thereon or therein which can be used to control, or cause, a computer to perform any of the procedures of the example embodiments of the invention.
- the storage medium may include without limitation a floppy disk, a mini disk, an optical disc, a Blu-ray Disc, a DVD, a CD or CD-ROM, a micro-drive, a magneto-optical disk, a ROM, a RAM, an EPROM, an EEPROM, a DRAM, a VRAM, a flash memory, a flash card, a magnetic card, an optical card, nanosystems, a molecular memory integrated circuit, a RAID, remote data storage/archive/warehousing, and/or any other type of device suitable for storing instructions and/or data.
- some implementations include software for controlling both the hardware of the general and/or special computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the example embodiments of the invention.
- software may include without limitation device drivers, operating systems, and user applications.
- computer readable media further include software for performing example aspects of the invention, as described above.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (18)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/567,184 US9497185B2 (en) | 2013-12-30 | 2014-12-11 | Systems, methods, and computer program products for providing application validation |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361921935P | 2013-12-30 | 2013-12-30 | |
US14/567,184 US9497185B2 (en) | 2013-12-30 | 2014-12-11 | Systems, methods, and computer program products for providing application validation |
Publications (2)
Publication Number | Publication Date |
---|---|
US20150188698A1 US20150188698A1 (en) | 2015-07-02 |
US9497185B2 true US9497185B2 (en) | 2016-11-15 |
Family
ID=53483147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/567,184 Active US9497185B2 (en) | 2013-12-30 | 2014-12-11 | Systems, methods, and computer program products for providing application validation |
Country Status (2)
Country | Link |
---|---|
US (1) | US9497185B2 (en) |
WO (1) | WO2015102839A1 (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9497185B2 (en) | 2013-12-30 | 2016-11-15 | Google Inc. | Systems, methods, and computer program products for providing application validation |
US10147087B2 (en) * | 2015-03-06 | 2018-12-04 | Mastercard International Incorporated | Primary account number (PAN) length issuer identifier in payment account number data field of a transaction authorization request message |
US9930121B2 (en) * | 2015-07-31 | 2018-03-27 | Intel Corporation | System, apparatus and method for optimizing symmetric key cache using tickets issued by a certificate status check service provider |
US9768953B2 (en) * | 2015-09-30 | 2017-09-19 | Pure Storage, Inc. | Resharing of a split secret |
US11182782B2 (en) | 2016-02-23 | 2021-11-23 | nChain Holdings Limited | Tokenisation method and system for implementing exchanges on a blockchain |
CN115641131A (en) | 2016-02-23 | 2023-01-24 | 区块链控股有限公司 | Method and system for secure transfer of entities over a blockchain |
BR112018016821A2 (en) | 2016-02-23 | 2018-12-26 | Nchain Holdings Ltd | computer-implemented system and methods |
AU2017222421B2 (en) | 2016-02-23 | 2022-09-01 | nChain Holdings Limited | Personal device security using elliptic curve cryptography for secret sharing |
WO2017145004A1 (en) | 2016-02-23 | 2017-08-31 | nChain Holdings Limited | Universal tokenisation system for blockchain-based cryptocurrencies |
CN117611331A (en) | 2016-02-23 | 2024-02-27 | 区块链控股有限公司 | Method and system for efficiently transferring entities on a point-to-point distributed book using blockchains |
SG10202007904SA (en) | 2016-02-23 | 2020-10-29 | Nchain Holdings Ltd | A method and system for securing computer software using a distributed hash table and a blockchain |
AU2017223133B2 (en) | 2016-02-23 | 2022-09-08 | nChain Holdings Limited | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys |
ES2680851T3 (en) | 2016-02-23 | 2018-09-11 | nChain Holdings Limited | Registration and automatic management method for smart contracts executed by blockchain |
US11606219B2 (en) | 2016-02-23 | 2023-03-14 | Nchain Licensing Ag | System and method for controlling asset-related actions via a block chain |
EA201891829A1 (en) | 2016-02-23 | 2019-02-28 | Нчейн Холдингс Лимитед | METHOD AND SYSTEM FOR EFFECTIVE TRANSFER OF CRYPTAL CURRENCY, ASSOCIATED WITH WAGES, IN THE BLOCKET FOR CREATING THE METHOD AND SYSTEM OF AUTOMATED AUTOMATED WAYS OF WAGES ON THE BASIS OF SMART-COUNTER CONTROL |
GB2561729A (en) * | 2016-02-23 | 2018-10-24 | Nchain Holdings Ltd | Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system |
KR20180115768A (en) | 2016-02-23 | 2018-10-23 | 엔체인 홀딩스 리미티드 | Encryption method and system for secure extraction of data from a block chain |
JP6925346B2 (en) | 2016-02-23 | 2021-08-25 | エヌチェーン ホールディングス リミテッドNchain Holdings Limited | Exchange using blockchain-based tokenization |
JP6833861B2 (en) | 2016-02-23 | 2021-02-24 | エヌチェーン ホールディングス リミテッドNchain Holdings Limited | Agent-based Turing complete transaction with integrated feedback within the blockchain system |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030182553A1 (en) * | 2002-03-22 | 2003-09-25 | General Instrument Corporation | End-to end protection of media stream encryption keys for voice-over-IP systems |
US20040003287A1 (en) * | 2002-06-28 | 2004-01-01 | Zissimopoulos Vasileios Bill | Method for authenticating kerberos users from common web browsers |
US20040093419A1 (en) * | 2002-10-23 | 2004-05-13 | Weihl William E. | Method and system for secure content delivery |
US20040096056A1 (en) * | 2002-11-20 | 2004-05-20 | Boren Stephen Laurence | Method of encryption using multi-key process to create a variable-length key |
US20090110200A1 (en) * | 2007-10-25 | 2009-04-30 | Rahul Srinivas | Systems and methods for using external authentication service for kerberos pre-authentication |
US20130196931A1 (en) | 2007-04-13 | 2013-08-01 | Rijksuniversiteit Groningen | Means and methods for counteracting protein aggregation |
US20130204785A1 (en) | 2012-01-31 | 2013-08-08 | Justin T. Monk | Mobile managed service |
US20130212399A1 (en) | 2011-08-17 | 2013-08-15 | Geoffrey I. Cairns | Travel Vault |
US8543821B1 (en) * | 2011-10-28 | 2013-09-24 | Amazon Technologies, Inc. | Scalably displaying sensitive data to users with varying authorization levels |
US20130266141A1 (en) | 2012-04-10 | 2013-10-10 | Won-Tae Kim | Mobile device, method of processing an input in a mobile device and electronic payment method using a mobile device |
US20130275307A1 (en) * | 2012-04-13 | 2013-10-17 | Mastercard International Incorporated | Systems, methods, and computer readable media for conducting a transaction using cloud based credentials |
WO2015102839A1 (en) | 2013-12-30 | 2015-07-09 | Jvl Ventures, Llc | Systems, methods, and computer program products for providing application validation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7628322B2 (en) * | 2005-03-07 | 2009-12-08 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
-
2014
- 2014-12-11 US US14/567,184 patent/US9497185B2/en active Active
- 2014-12-11 WO PCT/US2014/069712 patent/WO2015102839A1/en active Application Filing
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030182553A1 (en) * | 2002-03-22 | 2003-09-25 | General Instrument Corporation | End-to end protection of media stream encryption keys for voice-over-IP systems |
US20040003287A1 (en) * | 2002-06-28 | 2004-01-01 | Zissimopoulos Vasileios Bill | Method for authenticating kerberos users from common web browsers |
US20040093419A1 (en) * | 2002-10-23 | 2004-05-13 | Weihl William E. | Method and system for secure content delivery |
US20040096056A1 (en) * | 2002-11-20 | 2004-05-20 | Boren Stephen Laurence | Method of encryption using multi-key process to create a variable-length key |
US20130196931A1 (en) | 2007-04-13 | 2013-08-01 | Rijksuniversiteit Groningen | Means and methods for counteracting protein aggregation |
US20090110200A1 (en) * | 2007-10-25 | 2009-04-30 | Rahul Srinivas | Systems and methods for using external authentication service for kerberos pre-authentication |
US20130212399A1 (en) | 2011-08-17 | 2013-08-15 | Geoffrey I. Cairns | Travel Vault |
US8543821B1 (en) * | 2011-10-28 | 2013-09-24 | Amazon Technologies, Inc. | Scalably displaying sensitive data to users with varying authorization levels |
US20130204785A1 (en) | 2012-01-31 | 2013-08-08 | Justin T. Monk | Mobile managed service |
US20130266141A1 (en) | 2012-04-10 | 2013-10-10 | Won-Tae Kim | Mobile device, method of processing an input in a mobile device and electronic payment method using a mobile device |
US20130275307A1 (en) * | 2012-04-13 | 2013-10-17 | Mastercard International Incorporated | Systems, methods, and computer readable media for conducting a transaction using cloud based credentials |
WO2015102839A1 (en) | 2013-12-30 | 2015-07-09 | Jvl Ventures, Llc | Systems, methods, and computer program products for providing application validation |
Non-Patent Citations (2)
Title |
---|
Kim, "International Search Report and Written Opinion issued in International Application No. PCT/US2014/069712 (GOOG-2393WP)", mailed on Feb. 26, 2015, 9 pages. |
Nakamura, "International Preliminary Report on Patentability issued in International Application No. PCT/US2014/069712", mailed on Jul. 14, 2016, 8 pages. |
Also Published As
Publication number | Publication date |
---|---|
US20150188698A1 (en) | 2015-07-02 |
WO2015102839A1 (en) | 2015-07-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9497185B2 (en) | Systems, methods, and computer program products for providing application validation | |
US20220255931A1 (en) | Domain unrestricted mobile initiated login | |
US11818120B2 (en) | Non-custodial tool for building decentralized computer applications | |
US9838205B2 (en) | Network authentication method for secure electronic transactions | |
US20210056541A1 (en) | Method and system for mobile cryptocurrency wallet connectivity | |
US10110579B2 (en) | Stateless and secure authentication | |
US11102191B2 (en) | Enabling single sign-on authentication for accessing protected network services | |
US9203819B2 (en) | Methods and systems for pairing devices | |
US11115394B2 (en) | Methods and systems for encrypting data for a web application | |
US20130086381A1 (en) | Multi-server authentication token data exchange | |
US9887993B2 (en) | Methods and systems for securing proofs of knowledge for privacy | |
US20180025332A1 (en) | Transaction facilitation | |
CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
CN101335754B (en) | Method for information verification using remote server | |
JP5827724B2 (en) | Method and apparatus for entering data | |
US20220400105A1 (en) | Method and system for generating encryption keys for transaction or connection data | |
JP2022528366A (en) | Computer systems and methods including the HTML browser approval approach | |
EP4123534A1 (en) | Transaction security techniques | |
CN115277078A (en) | Method, apparatus, device and medium for processing gene data | |
KR101708880B1 (en) | Integrated lon-in apparatus and integrated log-in method | |
JP2002247021A (en) | Method and device for displaying access limited contents | |
KR102547682B1 (en) | Server for supporting user identification using physically unclonable function based onetime password and operating method thereof | |
CN115514584B (en) | Server and credible security authentication method of financial related server | |
US20230299958A1 (en) | Methods and systems for authenticating a candidate user of a first and as second electronic service | |
CN118802306A (en) | Identity authentication method, device, equipment, medium and product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: JVL VENTURES, LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TSAI, WEIMIN;REEL/FRAME:034583/0614 Effective date: 20141205 |
|
AS | Assignment |
Owner name: GOOGLE INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JVL VENTURES, LLC;REEL/FRAME:035463/0544 Effective date: 20150220 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
CC | Certificate of correction | ||
AS | Assignment |
Owner name: GOOGLE LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:GOOGLE INC.;REEL/FRAME:044129/0001 Effective date: 20170929 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |